authmcp-gateway 1.0.0

Universal Authentication Gateway for MCP (Model Context Protocol) Servers

AuthMCP Gateway

Secure authentication proxy for Model Context Protocol (MCP) servers

AuthMCP Gateway provides centralized authentication, authorization, and monitoring for MCP servers. It acts as a secure proxy between clients and your MCP backends, adding JWT-based authentication, rate limiting, real-time monitoring, and comprehensive security logging.

Features

🔐 Authentication & Authorization

• OAuth 2.0 + JWT - Industry-standard authentication flow
• User Management - Multi-user support with role-based access
• Backend Token Management - Secure storage and auto-refresh of MCP server credentials
• Rate Limiting - Per-user request throttling with configurable limits

📊 Real-Time Monitoring

• Live MCP Activity Monitor - Real-time request feed with auto-refresh
• Performance Metrics - Response times, success rates, requests/minute
• Security Event Logging - Unauthorized access attempts, rate limiting, suspicious activity
• Health Checking - Automatic health checks for all connected MCP servers

🎛️ Admin Dashboard

• User Management - Create, edit, and manage users
• MCP Server Configuration - Add and configure backend MCP servers
• Token Management - Monitor token health and manual refresh
• Security Events - View and filter security events
• API Testing - Built-in MCP testing interface

🛡️ Security

• JWT token-based authentication with refresh tokens
• Secure credential storage with encrypted database support
• CORS protection and request validation
• Security event logging and monitoring
• File-based logging - No database bloat, 30-day rotation
• Built-in security testing guide

Documentation

📚 Complete Documentation - Full documentation index

Quick Links:

• Deployment Guide - Production setup with HTTPS, Docker, cloud platforms
• Logging Architecture - File-based logging, log formats, analysis
• API Reference - REST API documentation with examples
• Security Testing - Security verification and testing
• Publishing Guide - Publishing to PyPI

Quick Start

Docker Compose (Recommended)

1. Clone and configure:

   git clone https://github.com/yourusername/authmcp-gateway.git
   cd authmcp-gateway
   cp .env.example .env
   # Edit .env with your settings
   

2. Start the gateway:

   docker-compose up -d
   

3. Access admin panel:

   • Open http://localhost:9105/
   • Complete setup wizard to create admin user
   • Add your MCP servers

Python Package

pip install authmcp-gateway
authmcp-gateway

Then access http://localhost:8000/ for setup.

Configuration

Environment Variables

# Gateway Settings
GATEWAY_PORT=9105              # Gateway port (default: 8000)
JWT_SECRET=your-secret-key     # JWT signing key (auto-generated if not set)
REQUIRE_AUTH=true              # Enable authentication (default: true)

# Admin Settings
ADMIN_USERNAME=admin           # Initial admin username
ADMIN_PASSWORD=secure-password # Initial admin password

Adding MCP Servers

Via Admin Panel:

1. Navigate to MCP Servers → Add Server
2. Enter server details:
   • Name (e.g., "GitHub MCP")
   • URL (e.g., "http://github-mcp:8000/mcp")
   • Backend token (if required)

Via API:

curl -X POST http://localhost:9105/admin/api/mcp-servers \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "GitHub MCP",
    "url": "http://github-mcp:8000/mcp",
    "backend_token": "optional-token"
  }'

Usage

For End Users

1. Login to get access token:

   curl -X POST http://localhost:9105/auth/login \
     -H "Content-Type: application/json" \
     -d '{"username":"your-username","password":"your-password"}'
   

2. Use token to access MCP endpoints:

   curl -X POST http://localhost:9105/mcp \
     -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
   

For Administrators

Admin Panel Features:

• Dashboard - Overview of users, servers, and activity
• MCP Activity - Real-time monitoring of all MCP requests
• Security Events - View unauthorized access attempts and suspicious activity
• User Management - Create and manage user accounts
• Token Management - Monitor and refresh backend tokens

Architecture

┌─────────────┐
│   Client    │
│  (Claude,   │
│   etc.)     │
└──────┬──────┘
       │ JWT Auth
       ▼
┌─────────────────────────────┐
│   AuthMCP Gateway           │
│                             │
│  • Authentication           │
│  • Rate Limiting            │
│  • Security Logging         │
│  • Request Routing          │
│  • Health Monitoring        │
└──────┬──────────────────────┘
       │
       ├──────────┬──────────┬──────────┐
       ▼          ▼          ▼          ▼
  ┌─────────┐ ┌────────┐ ┌────────┐ ┌────────┐
  │GitHub   │ │  RAG   │ │ Home   │ │Custom  │
  │MCP      │ │  MCP   │ │Assistant│ │ MCP    │
  └─────────┘ └────────┘ └────────┘ └────────┘

API Endpoints

Public Endpoints

• POST /auth/login - User login
• POST /auth/register - User registration (if enabled)
• POST /auth/refresh - Refresh access token
• GET /.well-known/oauth-authorization-server - OAuth discovery

Protected Endpoints

• POST /mcp - Aggregated MCP endpoint (all servers)
• POST /mcp/{server_name} - Specific MCP server endpoint
• GET /auth/me - Current user info
• POST /auth/logout - Logout

Admin Endpoints

• GET /admin - Admin dashboard
• GET /admin/mcp-activity - Real-time MCP monitoring
• GET /admin/security-logs - Security events
• GET /admin/users - User management
• GET /admin/mcp-servers - MCP server configuration
• Plus full REST API for management

Security

Testing Security

See docs/SECURITY_TESTING.md for:

• Manual security tests
• Automated testing script
• Production deployment checklist
• Security best practices

Security Features

• ✅ JWT-based authentication with refresh tokens
• ✅ Rate limiting per user
• ✅ Security event logging
• ✅ MCP request tracking with suspicious activity detection
• ✅ Health monitoring for backend servers
• ✅ CORS protection
• ✅ Secure credential storage

Development

Local Development

# Clone repository
git clone https://github.com/yourusername/authmcp-gateway.git
cd authmcp-gateway

# Create virtual environment
python3 -m venv venv
source venv/bin/activate  # or `venv\Scripts\activate` on Windows

# Install dependencies
pip install -e .

# Run gateway
authmcp-gateway

Running Tests

pytest tests/

Project Structure

authmcp-gateway/
├── src/authmcp_gateway/
│   ├── admin/           # Admin panel routes and logic
│   ├── auth/            # Authentication & authorization
│   ├── mcp/             # MCP proxy and handlers
│   ├── security/        # Security logging and monitoring
│   ├── middleware.py    # Request middleware
│   └── app.py           # Main application
├── templates/           # Jinja2 templates (admin UI)
├── docs/                # Documentation
├── tests/               # Test suite
└── docker-compose.yml   # Docker deployment

Monitoring

Real-Time Dashboard

Access /admin/mcp-activity for:

• Live request feed (updates every 3 seconds)
• Requests per minute
• Average response times
• Success rates
• Top tools usage
• Per-server statistics

Logs

View logs in real-time:

docker logs -f authmcp-gateway

Troubleshooting

Cannot access admin panel:

• Ensure you've completed the setup wizard at /setup
• Check that cookies are enabled
• Verify JWT_SECRET is set correctly

MCP server shows as offline:

• Check server URL is correct and reachable
• Verify backend token if required
• View error details in MCP Servers page

401 Unauthorized errors:

• Token may have expired - use refresh token
• Verify Authorization header format: Bearer YOUR_TOKEN
• Check user has permission for the MCP server

For more help, see docs/SECURITY_TESTING.md.

License

MIT License - see LICENSE file for details.

Contributing

Contributions welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request

Roadmap

• Prometheus metrics export
• WebSocket support for real-time updates
• Per-tool rate limiting
• Enhanced security testing automation
• Multi-tenancy support
• API key authentication option

---

Built with ❤️ for the MCP ecosystem